Penar Musaraj
03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 ( #7845 )
2019-07-04 11:32:51 -04:00
David Taylor
2063d20e9a
Revert "DEV: Let OmniAuth strategies return auth result. ( #7833 )"
This reverts commit dc5eb76551.
It is better to keep any custom redirect logic within omniauth, without relying on the app
2019-07-04 10:06:18 +01:00
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access ( #7852 )
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
Arpit Jalan
1708be4f27
FEATURE: support query params when redirecting to internal link on login ( #7829 )
2019-07-04 11:11:43 +05:30
David Taylor
0f813fc7c7
DEV: Remove reference to non-existent letter_proxy route
This was introduced in f04471e422, but never actually used
2019-07-03 23:48:32 +01:00
Osama Sayegh
3d64532273
FEATURE: allow disabling theme components ( #7812 )
This allows you to temporarily disable components without having to remove them from a theme.
This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Osama Sayegh
f1c67729de
Different fix ( #7815 )
2019-07-02 11:53:16 +10:00
Sam Saffron
4dcc5f16f1
FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD), which defaults to 1 second, was
added.
This protection ensures that when the application is unable to keep up with
requests it will simply turn off search until it is no longer backed up.
To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
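The load-shedding mechanism described in the commit above, as an added example in Ruby that is not Discourse's own code: a hypothetical QueueTimeBreaker reads the arrival timestamp a front proxy places in an X-Request-Start header, works out how long the request waited before the application picked it up, and refuses search once that wait exceeds the threshold. The header name, the two accepted encodings (t=<integer microseconds>, or a plain seconds value) and the timestamps in the usage call are assumptions constructed for this example.

```ruby
# Added example (not Discourse code): shed an expensive, non-essential
# operation (search) when requests are queuing in front of the app.
class QueueTimeBreaker
  # threshold_seconds: queue time at which search is refused; 0 disables
  # the protection entirely.
  def initialize(threshold_seconds:)
    @threshold = threshold_seconds.to_f
  end

  # Seconds the request spent queued before the app started on it, or 0.0
  # when the header is missing or unparseable. Failing open is deliberate:
  # a broken header must not switch search off for every request.
  def queue_time(header_value, now: Time.now.to_f)
    started = parse_start(header_value)
    return 0.0 if started.nil?
    [now - started, 0.0].max # clamp: a proxy clock ahead of ours is not load
  end

  def search_enabled?(header_value, now: Time.now.to_f)
    return true if @threshold <= 0 # 0 means "protection disabled"
    queue_time(header_value, now: now) < @threshold
  end

  private

  # Accepts "t=<16-digit integer microseconds>" or a seconds value with an
  # optional fraction, with or without the "t=" prefix. Both encodings are
  # assumptions for this example; check what your proxy actually emits.
  def parse_start(value)
    return nil unless value.is_a?(String)
    stamp = value.strip.sub(/\At=/, "")
    if stamp.match?(/\A\d{16}\z/)
      stamp.to_i / 1_000_000.0
    elsif stamp.match?(/\A\d{1,10}(\.\d+)?\z/)
      stamp.to_f
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed timestamps: the proxy saw the request 1.5 s before the app did.
  breaker = QueueTimeBreaker.new(threshold_seconds: 1)
  now = 1_562_253_172.5
  puts breaker.search_enabled?("t=1562253171000000", now: now) # false: shed
  puts breaker.search_enabled?("1562253172.2", now: now)       # true: 0.3 s
end
```

The comparison is made per request against a single header, so the breaker needs no shared state and recovers on its own as soon as the queue drains; that is the trade-off behind this kind of protection compared with a circuit breaker that trips and stays open for a cooling-off period.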
Dan Ungureanu
dc5eb76551
DEV: Let OmniAuth strategies return auth result. ( #7833 )
2019-07-01 13:13:11 -03:00
Ralph Rooding
4ba35472e6
Don't check for second factor when switching to anonymous account ( #7803 )
2019-06-27 15:01:26 -07:00
Gerhard Schlager
fe870a1e54
DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:15:35 +02:00
Sam Saffron
5bc5c02af6
FIX: mark topics in sub categories as unread when dismissing parent
Previously we would only dismiss the parent category and leave the
child categories unread
2019-06-27 13:26:48 +10:00
Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors ( #7626 )
Adds a second factor landing page that centralizes a user's second factor configuration.
This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
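The multi-factor TOTP registry described in the commit above, as an added example in Ruby rather than Discourse's implementation: RFC 6238 TOTP (HMAC-SHA1, six digits, 30-second step) built only on the standard library, a registry holding several named factors for one user, verification of a submitted code against all of them, and a replay guard so a code accepted once cannot be presented again. Secrets are passed as raw bytes (deployments normally store them base32-encoded for provisioning); the class and method names are assumptions, and the usage secret is the RFC 6238 reference key "12345678901234567890".

```ruby
require "openssl"

# Added example (not Discourse code): several named TOTP factors per user,
# verified against one submitted code, with replay protection.
class TotpFactors
  STEP   = 30   # seconds per time step (RFC 6238 default)
  DIGITS = 6
  DRIFT  = 1    # accept one step of clock skew either side

  Factor = Struct.new(:name, :secret, :last_used_counter)

  def initialize
    @factors = []
  end

  # Register a factor under a user-chosen name; secret is the raw key bytes.
  def register(name, secret)
    raise ArgumentError, "duplicate factor name" if @factors.any? { |f| f.name == name }
    @factors << Factor.new(name, secret, nil)
    self
  end

  def names
    @factors.map(&:name)
  end

  # HOTP (RFC 4226): HMAC-SHA1 over the big-endian 64-bit counter, dynamic
  # truncation to 31 bits, then reduced to DIGITS decimal digits.
  def self.hotp(secret, counter)
    hmac = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
    offset = hmac.getbyte(19) & 0x0f
    truncated = hmac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
    format("%0#{DIGITS}d", truncated % (10**DIGITS))
  end

  # TOTP (RFC 6238): HOTP with the counter derived from Unix time.
  def self.totp(secret, time)
    hotp(secret, time.to_i / STEP)
  end

  # Returns the name of the factor that matched, or nil. Every factor is
  # tried, so the user types a code from whichever device they have.
  def verify(code, time: Time.now.to_i)
    return nil unless code.is_a?(String) && code.match?(/\A\d{#{DIGITS}}\z/)
    counter = time.to_i / STEP
    @factors.each do |f|
      (-DRIFT..DRIFT).each do |d|
        c = counter + d
        # Replay guard: never accept a counter at or below the last one used
        # for this factor, so an intercepted code is dead after first use.
        next if f.last_used_counter && c <= f.last_used_counter
        if secure_equal?(self.class.hotp(f.secret, c), code)
          f.last_used_counter = c
          return f.name
        end
      end
    end
    nil
  end

  private

  # Constant-time comparison so timing does not leak matching digits.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  rfc_secret = "12345678901234567890" # RFC 6238 reference key, not a real secret
  user = TotpFactors.new.register("phone", rfc_secret)
  puts TotpFactors.totp(rfc_secret, 59)         # 287082 (RFC vector, 6 digits)
  puts user.verify("287082", time: 59).inspect  # "phone"
  puts user.verify("287082", time: 59).inspect  # nil: replay rejected
end
```

Matching across every registered factor is what lets several named tokens share one input field; the per-factor last_used_counter is what stops the 30-second window from being a replay window, and it must be persisted with the factor, not kept in memory, once more than one process verifies codes.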
Gerhard Schlager
13f38055ac
SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:34:15 +02:00
David Taylor
afb5ec811d
FIX: Don't use DistributedCache to store redis readonly state
This can cause unbound CPU usage in some cases, and excessive logging in other cases. This commit moves redis readonly information into the local process, but maintains the DistributedCache for postgres readonly state.
2019-06-25 11:20:34 +08:00
Dan Ungureanu
ee8669d778
FIX: Ensure :after_auth event is triggered. ( #7791 )
2019-06-21 21:57:49 +03:00
Penar Musaraj
e51de4cc25
FEATURE: Add endpoint to individually update a theme setting ( #7789 )
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
David Taylor
e6e47f2fb2
SECURITY: Add confirmation screen when logging in via user-api OTP
2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4
SECURITY: Add confirmation screen when logging in via email link
2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080
Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link
* SECURITY: Add confirmation screen when logging in via user-api OTP
* FIX: Correct translation key in session controller specs
* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0
FIX: respond with 400 error on invalid redirect param
2019-06-17 16:44:30 +05:30
Sam Saffron
704c579550
FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbounded way
via the API; this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Arpit Jalan
36e53db300
Fix the build.
2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46
DEV: optimize bulk invite process
2019-06-12 16:33:19 +05:30
Arpit Jalan
e2636f0ec7
FIX: handle array in redirect param
2019-06-11 17:49:09 +05:30
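The redirect-parameter commits in this range (supporting query params when redirecting to an internal link on login, answering 400 on an invalid redirect param, and handling an array in the param) describe a validator without showing one. The following is an added example in Ruby, not Discourse's own code: a hypothetical SafeRedirect.internal_path that accepts only same-site paths, keeps their query string, and returns nil for anything else so the caller can answer 400 instead of redirecting. The module and method names, the exact rejection rules and the sample inputs are assumptions.

```ruby
require "uri"

# Added example (not Discourse code): validate a user-supplied "redirect"
# parameter so it can only send the browser to a path on this site.
module SafeRedirect
  module_function

  # Returns the path (with query string) to redirect to, or nil when the
  # value must be rejected. Takes the raw parameter so that the Array or
  # Hash produced by "redirect[]=x" / "redirect[k]=x" is caught as well.
  def internal_path(param)
    return nil unless param.is_a?(String)
    return nil if param.empty? || param.include?("\0")
    return nil unless param.start_with?("/")
    # "//evil.example" and "/\evil.example" are scheme-relative in browsers
    # even though they begin with a slash; reject by prefix before parsing.
    return nil if param.start_with?("//", "/\\")
    return nil if param.match?(/[\r\n]/) # header injection via Location

    uri = URI.parse(param)
    # Anything that parsed as a scheme, host or userinfo was not a bare path.
    return nil if uri.scheme || uri.host || uri.userinfo
    return nil unless uri.path.start_with?("/")

    # The fragment is dropped: the server never sees it and cannot vet it.
    uri.query ? "#{uri.path}?#{uri.query}" : uri.path
  rescue URI::InvalidURIError
    nil
  end

  # What a controller does with the result: 302 to the path, or 400.
  def response_for(param)
    path = internal_path(param)
    path ? [302, path] : [400, nil]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: one legitimate deep link, three hostile forms.
  ["/t/some-topic/123?page=2", "//evil.example/", "https://evil.example/",
   ["/a", "/b"]].each do |p|
    puts "#{p.inspect} -> #{SafeRedirect.response_for(p).inspect}"
  end
end
```

The type check comes first because Rack decodes redirect[]= into an Array and redirect[k]= into a Hash, and calling start_with? on either raises; rejecting with 400 rather than silently falling back to the home page also makes probing for an open redirect visible in the access logs.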
Dan Ungureanu
a046f6ced5
FEATURE: Trigger Discourse events from authenticators. ( #7724 )
2019-06-11 11:28:42 +10:00
Gerhard Schlager
bae7b75e23
FIX: Updating a user profile as admin shouldn't change the user's locale
2019-06-07 17:53:46 +02:00
Sam Saffron
cbd4d06da0
PERF: only check for totp record on current user when needed
Previously the check was done a bit too early, causing one extra query
per page unconditionally for logged-on users
2019-06-07 16:25:04 +10:00
Penar Musaraj
f00275ded3
FEATURE: Support private attachments when using S3 storage ( #7677 )
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0
FEATURE: Make staff action logs page support infinite loading
2019-06-06 13:02:53 +10:00
Saurabh Patel
b510006ca8
FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Roman Rizzi
c3a38d2304
DEV: Make groups/new extensible by plugins ( #7642 )
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins
* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Robin Ward
d902c4eb9f
FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
Joffrey JAFFEUX
ce79a71c5d
typo s/faivcon/favicon ( #7697 )
2019-06-05 09:46:07 +02:00
Sam Saffron
b9df7a2257
FIX: if favicon is missing due to bad url we would return a 500 on favicons
This ensures that the error logging does not corrupt the cache
2019-06-05 16:43:40 +10:00
Arpit Jalan
e7fe7010b8
FIX: use hijack for processing bulk invites ( #7679 )
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Régis Hanol
33bc8c276d
FIX: default top timeframe was overriding best_periods_for
2019-06-04 10:57:50 +02:00
Régis Hanol
d7ff640778
fix the build
2019-06-03 20:42:46 +02:00
Maja Komel
42809f4d69
FIX: use crawler layout when saving url in Wayback Machine ( #7667 )
2019-06-03 12:13:32 +10:00
Sam Saffron
e302c0af8b
DEV: by default disable anon impersonation in dev environments
The impersonate any user by anonymous feature in dev should require a
deliberate opt-in. This way developers are better aware of the security
implications of this development only feature.
2019-06-03 10:02:27 +10:00
Robin Ward
2e0a40007b
FIX: Category topics should not be deletable via review queue
2019-05-30 16:43:23 -04:00
romanrizzi
e7ee556e87
Support multi-group user search
2019-05-30 08:45:20 +08:00
Guo Xiang Tan
a3938f98f8
Revert changes to FileStore::S3Store#path_for in f0620e7118.
There are some places in the code base that assume the method should
return nil.
2019-05-29 18:39:07 +08:00
Guo Xiang Tan
f0620e7118
FEATURE: Support [description|attachment](upload://<short-sha>) in MD take 2.
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
Penar Musaraj
7c9fb95c15
Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>) in MD. ( #7603 )"
This reverts commit b1d3c678ca.
We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
Guo Xiang Tan
b1d3c678ca
FEATURE: Support [description|attachment](upload://<short-sha>) in MD. ( #7603 )
2019-05-28 11:18:21 -04:00
Bianca Nenciu
07b80d491b
FIX: Refresh automatic groups after inviting moderators.
2019-05-28 17:19:34 +08:00
Sam Saffron
7429700389
FIX: ensure we can download maxmind without redis or db config
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
Robin Ward
d26c4509ea
FIX: Adding a user to a group twice under concurrency
This prevents an error from being raised / logged.
2019-05-27 15:42:40 -04:00